ec79b58402
Merge pull request #3020 from aldas/v4_v4-15-4_changelog
...
Changelog for v4.15.4 - security fix
2026-06-15 21:23:04 +03:00
2714c07b79
Changelog for v4.15.4 - security fix
2026-06-15 21:19:19 +03:00
13f0ed18cd
Merge pull request #3019 from aldas/v4_backport_3016
...
backport PR 3016 from v5 to v4
2026-06-15 21:16:33 +03:00
d16a4ecf05
backport PR 3016 from v4
2026-06-15 21:04:42 +03:00
8f167b9d45
Merge pull request #3018 from aldas/v4_remove_v5_dep
...
remove dependency on labstack/echo v5 introduced in go.mod and go.sum
2026-06-15 21:04:09 +03:00
9afa4bae5e
remove dependency on labstack/echo v5 introduced in go.mod and go.sum
2026-06-15 20:59:18 +03:00
1e05f6351a
Merge pull request #3017 from aldas/v4_ci_updates
...
Update CI action versions for v4 branch
2026-06-15 20:44:48 +03:00
11a3cc46b9
Update dependencies and add ignore for linting
2026-06-15 20:39:27 +03:00
26bd016499
Update CI action versions
2026-06-15 20:32:09 +03:00
aa52f6a5c7
ci: run workflows on the v4 branch, not just master ( #3013 )
...
Add v4 to push/pull_request branch filters so v4 PRs and pushes get CI.
2026-06-14 09:31:37 -07:00
8800212ad4
Changelog for v4.15.3 ( #3012 )
...
Release v4.15.3.
2026-06-14 09:16:56 -07:00
c3fa2a27ff
fix(static): reject encoded path separators that bypass route-level middleware ( #3011 )
...
v4 backport of GHSA-vfp3-v2gw-7wfq. See PR #3011 .
2026-06-14 09:15:52 -07:00
25685e6f5f
Merge pull request #2963 from aldas/v4_changelog_4_15_2
...
Changelog for v4.15.2
2026-05-01 20:59:02 +03:00
f9d76893c6
Changelog for v4.15.2
2026-05-01 20:57:43 +03:00
37fff28f72
Merge pull request #2962 from aldas/v4_valid_proto
...
V4: Context.Scheme should validate values taken from header
2026-05-01 20:49:05 +03:00
ca4f38a474
Context.Scheme should validate values taken from header
...
Backport PR #2953 (d1d8ad3f99
2026-05-01 20:44:50 +03:00
2e527a70a7
Update CI, update deps
2026-05-01 20:38:42 +03:00
6f3a84a505
Merge pull request #2905 from aldas/v4_crsf_token_fallback
...
CSRF: support older token-based CSRF protection handler that want to render token into template
2026-02-22 13:50:50 +02:00
24fa4d07ff
CSRF: support older token-based CSRF protection handler that want to render token into template
...
(cherry picked from commit 9183f1e809
2026-02-22 13:44:32 +02:00
482bb46fe5
v4.15.0 changelog
2026-01-01 12:57:24 +02:00
d0f9d1e735
CRSF with Sec-Fetch-Site=same-site falls back to legacy token
2025-12-29 23:39:24 +02:00
f3fc61848f
CRSF with Sec-Fetch-Site checks
2025-12-29 23:39:24 +02:00
4dcb9b44f0
licence headers
2025-12-28 23:21:31 +02:00
cbc0ac1dbc
Add PathParam(Or)/QueryParam(Or)/FormParam(Or) generic functions
2025-12-28 23:21:31 +02:00
6b14f4ef3f
Add Context.Get generic functions
2025-12-28 23:21:31 +02:00
321530d2c2
disable test - returns different error under Windows
2025-12-12 13:10:53 +02:00
c8abd9f7db
disable flaky test
2025-12-12 13:10:53 +02:00
9fe43f78b8
fix Rate limiter disallows fractional rates
2025-12-12 13:10:53 +02:00
1b5122aaed
document things to reduce false positives
2025-12-12 13:10:53 +02:00
b70ec6a084
add checks for invalid casts
2025-12-12 13:10:53 +02:00
cdcf16d3cf
deprecate timeout middleware
2025-12-12 13:10:53 +02:00
c9b8b36c9a
fix Time-of-Check-Time-of-Use bug in rate limiter
2025-12-12 13:10:53 +02:00
1d63c1c242
licence to test file
2025-12-12 13:10:53 +02:00
f7dc94df14
handle errors in body dump middleware
2025-12-12 13:10:53 +02:00
0232b57927
improve logger middleware error value logging
2025-12-12 13:10:53 +02:00
e2133320c7
fix goroutine leak in proxy raw mode
2025-12-12 13:10:53 +02:00
88a60e4bac
fix data race with errors in proxy raw
2025-12-12 13:10:53 +02:00
6392cb4598
Changelog for 4.14.0
2025-12-11 22:49:38 +02:00
c9bd2cd8e3
Update golang.org/x/* deps ( #2850 )
2025-12-11 15:38:04 +02:00
c12cb08a86
Logger middleware json string escaping and deprecation ( #2849 )
...
* Logger middleware should escape string values when outputting JSON
* Add Go license to logger_strings.go
* Deprecate middleware.Logger
2025-12-11 14:39:59 +02:00
612967a9fe
Update deps
2025-11-22 16:33:22 +02:00
53b692c4d4
Ensure proxy connection is closed in proxyRaw function
...
(#2837 )
2025-10-26 19:26:29 +02:00
e644ff8f7b
Replace custom private IP range check with built-in net.IP.IsPrivate() method
2025-10-15 21:46:24 +03:00
40e2e8faf9
Fix typo "+"
2025-10-07 22:31:32 +03:00
55cb3b625d
Optimize realm quoting to happen once during middleware creation
...
Move strconv.Quote(config.Realm) from per-request execution
to middleware initialization for better performance.
- Pre-compute quoted realm at middleware creation time
- Avoids repeated string operations on every auth failure
- Maintains same behavior with better efficiency
Performance improvement suggested during code review.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-09-26 11:48:13 +03:00
dbd583fa4d
Add comprehensive tests for realm quoting behavior
...
Tests cover:
- Default realm quoting
- Custom realm with spaces
- Special characters (quotes, backslashes)
- Empty realm fallback to default
- Unicode realm support
Addresses review feedback about testing strconv.Quote behavior
in WWW-Authenticate header per RFC 7617 compliance.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-09-26 11:48:13 +03:00
432a2adf46
Improve BasicAuth middleware: use strings.Cut and RFC compliance
...
- Replace manual for loop with strings.Cut for credential parsing
- Simplify realm handling to always quote according to RFC 7617
- Improve code readability and maintainability
Fixes #2794
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-09-26 11:48:13 +03:00
212bfe0071
Fix typo in ContextTimeout middleware comment
...
Change 'aries' to 'arises' in ErrorHandler comment.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-09-26 11:23:09 +03:00
b4ea924836
Fix typo in SetParamValues comment
...
Change 'brake' to 'break' in Router#Find code comment.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-09-26 11:22:52 +03:00
52d2bff1b9
Modernize context.go by replacing interface{} with any ( #2822 )
...
Modernizes the Context interface by replacing all instances of interface{}
with the more readable 'any' type alias introduced in Go 1.18.
**Changes:**
- Replaced interface{} with any in all Context interface method signatures
- Affects Get(), Set(), Bind(), Validate(), Render(), JSON(), JSONP(), XML(),
Blob(), Stream(), File(), Attachment(), Inline(), and NoContent() methods
- Total of 23 interface{} → any replacements
**Benefits:**
- Improves code readability and modernizes to Go 1.18+ standards
- No functional changes - 'any' is just an alias for interface{}
- Follows current Go best practices for new code
- Makes the API more approachable for developers familiar with modern Go
**Compatibility:**
- Zero breaking changes - 'any' and interface{} are identical
- Maintains full backward compatibility
- All existing code continues to work unchanged
This modernization aligns Echo with current Go conventions while maintaining
100% compatibility with existing applications.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-authored-by: Claude <noreply@anthropic.com >
2025-09-15 22:08:28 -07:00
Martti T.
Vishal Rana
kumapower17
yuya-morimoto